Waraxe IT Security Portal  
  Login or Register
::  Home  ::  Search  ::  Your Account  ::  Forums  ::   Waraxe Advisories  ::  Tools  ::
November 18, 2019
Menu
 Home
 Logout
 Discussions
 Forums
 Members List
 IRC chat
 Tools
 Base64 coder
 MD5 hash
 CRC32 checksum
 ROT13 coder
 SHA-1 hash
 URL-decoder
 Sql Char Encoder
 Affiliates
 y3dips ITsec
 Md5 Cracker
 User Manuals
 AlbumNow
 Content
 Content
 Sections
 FAQ
 Top
 Info
 Feedback
 Recommend Us
 Search
 Journal
 Your Account



User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9145

People Online:
Visitors: 300
Members: 0
Total: 300
PacketStorm News
Currently there is a problem with headlines from this site
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> PhpBB -> how to hack phpBB 2.0.4 ?
Post new topic  Reply to topic View previous topic :: View next topic 
how to hack phpBB 2.0.4 ?
PostPosted: Tue Oct 04, 2005 1:23 pm Reply with quote
showie
Beginner
Beginner
 
Joined: Oct 04, 2005
Posts: 1




Can some explain me how i hack a phpbb 2.0.4 forum ?

tnx Wink
View user's profile Send private message
PostPosted: Tue Oct 04, 2005 4:25 pm Reply with quote
g30rg3_x
Active user
Active user
 
Joined: Jan 23, 2005
Posts: 31
Location: OutSide Of The PE




sorry to be rude...

but there is a lot of exploits with a Proof-of-concept, because that version is very old (today is launched the version 2.0.17)...

some of most know is the highlight vuln and his renoved version, there is xss with ie6, bypass technique for getting admin acces and in phpBB 2.0.8 a SQL-Injection...

some are here in waraxe an others are not...

phpBB List of Vulns since 2.0.4:
(in order of recently launched)

phpBB <= 2.0.16 XSS Remote Cookie Disclosure Exploit
http://www.waraxe.us/ftopict-890.html
http://www.milw0rm.com/id.php?id=1103
http://www.milw0rm.com/id.php?id=1095

phpBB 2.0.15 (highlight) Remote PHP Code Execution
http://www.waraxe.us/ftopict-883.html
http://www.waraxe.us/ftopict-873.html
http://www.waraxe.us/ftopict-872.html
http://www.securitytracker.com/id?1014320
http://www.frsirt.com/exploits/20050701.phpbb2015.py.php
http://www.milw0rm.com/id.php?id=1080
http://www.milw0rm.com/id.php?id=1076

phpBB <= 2.0.15 Register Multiple Users Denial of Service
http://www.waraxe.us/ftopict-855.html
http://www.milw0rm.com/id.php?id=1064
http://www.milw0rm.com/id.php?id=1063

phpBB <= 2.0.12 Change User Rights Authentication Bypass
http://securitytracker.com/alerts/2005/Mar/1013375.html
http://www.milw0rm.com/id.php?id=897
http://www.milw0rm.com/id.php?id=889
http://www.milw0rm.com/id.php?id=871
http://www.milw0rm.com/id.php?id=858

phpBB <= 2.0.10 Remote Command Execution Exploit
http://www.milw0rm.com/id.php?id=647
http://www.milw0rm.com/id.php?id=673

phpBB <= 2.0.8 XSS and full path disclosure
http://www.waraxe.us/content-34.html

phpBB <= 2.0.8 Critical sql injection
http://www.waraxe.us/content-13.html

phpBB 2.0.6c Non-critical Sql injection and XSS
http://www.waraxe.us/content-9.html

phpBB 2.0.6 search_id sql injection MD5 Hash Remote Exploit
http://www.milw0rm.com/id.php?id=137

phpBB 2.0.5 SQL Injection password disclosure Exploit
http://www.milw0rm.com/id.php?id=44

phpBB 2.0.4 Remote php File Include Exploit
http://www.milw0rm.com/id.php?id=47


so as you see there is A LOT of bugs in phpBB since the 2.0.4 and there is very easy to hack a forum with that version of phpBB, just you have to test any and use that information to "hack" that version...

as a recommendation, i suggest to take a while for read some of the post that you look interesting for your needs, some of this exploits has been talked on the forum and the most common question are answered...

if you have another question just type here and anybody can help you..

greetings from mexico
View user's profile Send private message Send e-mail Visit poster's website MSN Messenger
PostPosted: Thu Jan 05, 2006 5:42 am Reply with quote
chuan
Regular user
Regular user
 
Joined: Jan 05, 2006
Posts: 7




how to go about doing phpBB 2.0.6c Non-critical Sql injection and XSS?it makes me confused seeing all those programming language as i'am a newbie. Crying or Very sad
View user's profile Send private message
PostPosted: Sun Feb 19, 2006 4:27 pm Reply with quote
aicou
Beginner
Beginner
 
Joined: Feb 19, 2006
Posts: 1




hi
i'm a noob and i want to got a premium acount on this forum : http://xxx.xxxxxxxxxxxxxxx.xxx/xxxxxx/

could someone explain me ?
View user's profile Send private message
PostPosted: Mon Feb 20, 2006 11:42 am Reply with quote
shai-tan
Valuable expert
Valuable expert
 
Joined: Feb 22, 2005
Posts: 477




Please read the rules no posting of URLs in the forum.


Shai-tan

_________________
Shai-tan

?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds
View user's profile Send private message
PostPosted: Thu Mar 02, 2006 9:58 am Reply with quote
ianmac
Regular user
Regular user
 
Joined: Feb 26, 2006
Posts: 6




I can't find the rules anywhere. It's hard to obey rules you can't find.
View user's profile Send private message
PostPosted: Thu Mar 02, 2006 11:26 pm Reply with quote
shai-tan
Valuable expert
Valuable expert
 
Joined: Feb 22, 2005
Posts: 477




Try looking in the General Forum where most people would..... there is a post called THE FORUM RULES.

_________________
Shai-tan

?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds
View user's profile Send private message
Re: how to hack phpBB 2.0.4 ?
PostPosted: Tue Jun 06, 2006 5:49 pm Reply with quote
Cumulus
Beginner
Beginner
 
Joined: Jun 06, 2006
Posts: 2
Location: Bangkok




showie wrote:
Can some explain me how i hack a phpbb 2.0.4 forum ?

tnx Wink


xxxx YOU!!! Twisted Evil
View user's profile Send private message
Re: how to hack phpBB 2.0.4 ?
PostPosted: Wed Jun 07, 2006 8:50 pm Reply with quote
Cumulus
Beginner
Beginner
 
Joined: Jun 06, 2006
Posts: 2
Location: Bangkok




showie wrote:
Can some explain me how i hack a phpbb 2.0.4 forum ?

tnx Wink


Skriv Norsk - vi vet hvem du er!
View user's profile Send private message
PostPosted: Sat Nov 10, 2007 9:45 pm Reply with quote
spearman
Beginner
Beginner
 
Joined: Nov 10, 2007
Posts: 1




Hi,

I need readaccess on a forum. Not sure exactly which version it is either (is there a way to check that btw?).
I do not have a user there and I can't access any files there or anything.
I don't understand enough of those hacks to even know for sure where to begin.
I have no knowledge of phpBB codes or SQL-structure.

Where would it be best to start and what to do first? I have moderate skills in PHP and MySQL, but no skills in anything else.
Any help would be appreciated Smile

-SpearMan
View user's profile Send private message
PostPosted: Sun Jul 20, 2008 9:04 pm Reply with quote
lady
Beginner
Beginner
 
Joined: Jul 20, 2008
Posts: 1




Invision Power Board v2.0.4

can anybody help to find out the password of the admin...I can give the rapidshare account olmost 3 month. Forum is russian, i need only password (admins), please,please somebody...I just want close my post....
other details all tell in privet messages please

sorry , my english bad....

waiting for somebody Shocked
View user's profile Send private message
how to hack phpBB 2.0.4 ?
  www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Post new topic  Reply to topic  




Powered by phpBB 2001-2008 phpBB Group






All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2013 Janek Vind "waraxe"
Page Generation: 0.083 Seconds